Message-ID: <CAKzKK0ou8gt4iBcpz9cs8V42BaOi29waXd1zCw+Cad9fs=NEtg@mail.gmail.com>
Date: Tue, 17 Jun 2025 11:41:41 +0800
From: Kuen-Han Tsai <khtsai@...gle.com>
To: Greg KH <gregkh@...uxfoundation.org>
Cc: prashanth.k@....qualcomm.com, hulianqin@...o.com,
krzysztof.kozlowski@...aro.org, mwalle@...nel.org, jirislaby@...nel.org,
linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org,
stable@...r.kernel.org
Subject: Re: [PATCH 1/2] Revert "usb: gadget: u_serial: Add null pointer check in gs_start_io"
On Mon, Jun 16, 2025 at 10:18 PM Greg KH <gregkh@...uxfoundation.org> wrote:
>
> On Mon, Jun 16, 2025 at 09:21:46PM +0800, Kuen-Han Tsai wrote:
> > This reverts commit ffd603f214237e250271162a5b325c6199a65382.
> >
> > Commit ffd603f21423 ("usb: gadget: u_serial: Add null pointer check in
> > gs_start_io") adds null pointer checks at the beginning of the
> > gs_start_io() function to prevent a null pointer dereference. However,
> > these checks are redundant because the function's comment already
> > requires callers to hold the port_lock and ensure port.tty and port_usb
> > are not null. All existing callers already follow these rules.
> >
> > The true cause of the null pointer dereference is a race condition. When
> > gs_start_io() calls either gs_start_rx() or gs_start_tx(), the port_lock
> > is temporarily released for usb_ep_queue(). This allows port.tty and
> > port_usb to be cleared.
> >
> > Cc: stable@...r.kernel.org
> > Fixes: ffd603f21423 ("usb: gadget: u_serial: Add null pointer check in gs_start_io")
>
> As this is removing unneeded checks, why is it cc: stable? What bug is
> being resolved here?
>
> confused,
>
> greg k-h
Sorry for not using the "cc: stable" correctly. I'll remove it and send
out a new version soon.
Regards,
Kuen-Han
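The race the commit message describes, as an added stand-alone illustration that is not part of this thread or of the kernel's u_serial code: the lock is dropped around the queue call, so a concurrent disconnect can clear the port fields, and the check that matters is the one made after the lock is re-acquired. All names here (port_t, start_rx, ep_queue, run) are hypothetical stand-ins, and the "disconnect" is simulated deterministically inside the queue call instead of on a second thread.

```c
/* Hypothetical model of the gs_start_rx() lock-release window; not kernel code. */
#include <stddef.h>
#include <stdbool.h>

typedef struct {
    bool locked;                   /* stands in for port->port_lock */
    void *tty;                     /* stands in for port->port.tty */
    void *usb;                     /* stands in for port->port_usb */
    bool disconnect_during_queue;  /* test knob: simulate a close/disconnect racing us */
    int queued;
} port_t;

static void lock(port_t *p)   { p->locked = true; }
static void unlock(port_t *p) { p->locked = false; }

/* Stand-in for usb_ep_queue(): called with the port lock dropped.
 * While unlocked, a concurrent disconnect may clear the port pointers. */
static int ep_queue(port_t *p) {
    if (p->locked) return -1;      /* calling with the lock held would be a bug */
    if (p->disconnect_during_queue) { p->tty = NULL; p->usb = NULL; }
    p->queued++;
    return 0;
}

/* Precondition (as in the kernel comment): caller holds the lock and tty/usb
 * are non-NULL on entry, so an entry check adds nothing. Returns the number
 * of requests queued, or -1 if the port went away while the lock was dropped. */
static int start_rx(port_t *p, int want) {
    int n = 0;
    while (n < want) {
        unlock(p);
        int rc = ep_queue(p);
        lock(p);
        if (rc) return -1;
        /* The meaningful check: state may have changed while unlocked. */
        if (!p->usb || !p->tty) return -1;
        n++;
    }
    return n;
}

/* Drive one call of start_rx() with or without a simulated mid-loop disconnect. */
static int run(bool race) {
    int dummy;
    port_t p = { .tty = &dummy, .usb = &dummy, .disconnect_during_queue = race };
    lock(&p);
    int r = start_rx(&p, 3);
    unlock(&p);
    return r;
}
```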